--digest-algo ignored on gnupg-1.4.9?

vedaal at nym.hush.com vedaal at nym.hush.com
Wed Jan 5 23:20:35 CET 2011

>Message: 2
>Date: Wed, 05 Jan 2011 14:01:10 -0500
>From: "Robert J. Hansen" <rjh at sixdemonbag.org>
>To: gnupg-users at gnupg.org
>Subject: Re: --digest-algo ignored on gnupg-1.4.9?

>> Hi, it appears --digest-algo is ignored for symmetric encryption 

>using gpg
>> 1.4.9.

>SHA-1 is used in the symmetric packet, as is expected.  See 
>section 5.13: "Symmetrically Encrypted Integrity Protected Data 
>SHA-1 is the only option for digest algorithms for this particular 

>--digest-algo will let you determine which algorithm to use, 
>there is a choice of which algorithm to use.  There is no choice 

There sort-of is, but in an out of the way place, 
and it's not apparent that the digests and ciphers for symmetric 
encryption are determined from there.

It's in the s2k preferences:
(the default is CAST5 and SHA1)
Here are mine:

s2k-cipher-algo 3DES
s2k-digest-algo SHA256

Here is a symmetric message done without any further instruction 
about what cipher and digest to use:

Version: GnuPG v1.4.10 (MingW32)
Comment: passphrase: sss


Here is the gpg output:

gpg v:\j1.txt.asc
gpg: armor header: Version: GnuPG v1.4.10 (MingW32)
gpg: armor header: Comment: passphrase: sss
:symkey enc packet: version 4, cipher 2, s2k 3, hash 8
        salt 295c36611d7d11a6, count 65536 (96)
gpg: 3DES encrypted data
:encrypted data packet:
        length: 39
gpg: encrypted with 1 passphrase
:compressed packet: algo=1
:literal data packet:
        mode b (62), created 1294263096, name="j1.txt",
        raw data: 11 bytes
gpg: original file name='j1.txt'
File `v:\j1.txt' exists. Overwrite? (y/N) y
gpg: decryption okay
gpg: WARNING: message was not integrity protected
gpg: session key: 

Note  'cipher 2' and 'hash 8' 


More information about the Gnupg-users mailing list